<?php
/***************************************************************************
 *                           pilotemail_submit.php
 *                            -------------------
 *                       (APU) Automated Pilot Utility
 *   begin                : Sunday Nov 26, 2006
 *   copyright            : (C) 2004-2006 SF Games
 *   email                : techsupport@sf-games.com
 ****************************************************************************/
 
 	include_once('common.php');
 	include_once('config.php');
	include_once('dbcommon.php');
	include_once('randomQuote.php');

	// Page generation timer start.
	$time = microtime();
	$time = explode(" ", $time);$time = $time[1] + $time[0];$start = $time;

	// Global
	$aErrors = array();
	$posted  = array("PILOT_ID" => "", "PASSWORD" => "", "SUBJECT" => "", "MESSAGE" => "", "EMAIL_PILOT_ID" => "");

	$db = mysql_connect($dbhost, $dbuname, $dbpass)
		or die("Error: in pirep_submit.php. Could not connect to the SQL server " .mysql_error());
	mysql_select_db($dbname);

	htmlHeader();
	vaTable($vaName);

	// Gather Form POST variables and validate
	$posted = gatherPost($posted);

	// Validate user id / password combo
	if ( validateUser($posted["PILOT_ID"], $posted["PASSWORD"]) == false )
		array_push($aErrors, "The Pilot ID and or Password given, is incorrect");
	$posted["PASSWORD"] = "";

	// Display any errors from the above functions
	if ( count($aErrors) > 0 )
	{
		echo "	<table class=\"table_roster_footer\">\n";
		echo "	<tbody>\n";
		echo "		<tr>\n";
		echo "			<td><span class=\"textred\">\n";
		echo "<div class=\"textdarkCenter\">There are " .count($aErrors) ." submission errors found!<br /><br /></div>\n";

		foreach ($aErrors as $sErr)
			echo $sErr ."<br />\n";

		echo "<div class=\"textdarkCenter\"><br />Press your browsers back button <a href=\"" .$referrer ."\">or here</a> and correct the invalid entries.<br /><br /></div>\n";
		echo "</span></td>\n";
		echo "		</tr>\n";
		echo "	</tbody>\n";
		echo "	<tfoot><tr><td colspan=\"1\"></td></tr></tfoot>\n";
		echo "	</table>\n";
	}
	else
	{
		// Get sending pilots e-mail address
		$query  = 'SELECT PILOT_ID, FIRST_NAME, LAST_NAME, EMAIL FROM ' .$table_prefix .'PILOTS WHERE PILOT_ID = ' .sqlfix($posted["PILOT_ID"]);
		$result = mysql_query($query);
		if ( !$result )
			die("Error: in sendPilotEmail() from pilotemail_submit.php. Query for Pilot ID in table PILOTS failed. " .mysql_error());
		$sendingPilot = mysql_fetch_array($result, MYSQL_ASSOC);

		// Get receiving pilots e-mail address
		$query  = 'SELECT PILOT_ID, FIRST_NAME, LAST_NAME, EMAIL FROM ' .$table_prefix .'PILOTS WHERE PILOT_ID = ' .sqlfix($posted["EMAIL_PILOT_ID"]);
		$result = mysql_query($query);
		if ( !$result )
			die("Error: in sendPilotEmail() from pilotemail_submit.php. Query for Pilot ID in table PILOTS failed. " .mysql_error());
		$receivingPilot = mysql_fetch_array($result, MYSQL_ASSOC);

		if ( sendPilotEmail($posted, $sendingPilot, $receivingPilot) )
			echo "Your e-mail has been sent to " .$receivingPilot['FIRST_NAME'] ." " .$receivingPilot['LAST_NAME'] ."<br/><br/>\n";
		else
			echo "There was a problem sending the e-mail<br/>Try again later.<br/><br/>";
	}
 
 	// End page timing
 	$time = microtime();$time = explode(" ", $time);$time = $time[1] + $time[0];
 	$finish = $time;$totaltime = ($finish - $start);
 	$quote = new RandomQuote;
	printf ("This page %s in %f seconds<br/><br/>", $quote->getQuote(), $totaltime);

 	htmlFooter();
 
 ?>
 
 
 <?php
 
 			//////////////////////////////////////////////////
 			//                                              //
 			//          Roster Support Functions            //
 			//                                              //
 			//////////////////////////////////////////////////
 
 //
 // Display rosters HTML header
 //
 function htmlHeader()
 {
 	echo "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">\n";
 	echo "<html xmlns=\"http://www.w3.org/1999/xhtml\">\n";
 	echo "<head>\n";
 	echo "<title>APU E-mail Pilot</title>\n";
 	include_once('header.php');

	echo "<style type=\"text/css\" media=\"screen\"> <!-- @import url(apu.css); --> </style>\n";

 	echo "</head>\n";
 	echo "<body>\n";
 	echo "<div align=\"center\">\n";
 }
 
 //
 // Display the rosters HTML footer
 //
 function htmlFooter()
 {
 	global $rosterNavigateTo;
 	global $rosterNavigateVerbiage;
 	global $APU_COPYRIGHT;
 
 	// Display return to another page link/table
 	echo "	<table class=\"table_roster_footer\">\n";
 	echo "	<tbody>\n";
 	echo "		<tr>\n";
 	echo "			<td><div align=\"center\"><span class=\"textdark\">Click <a href=\"" .$rosterNavigateTo ."\">here</a> " .$rosterNavigateVerbiage ."</span></div></td>\n";
 	echo "		</tr>\n";
 	echo "	</tbody>\n";
 	echo "	<tfoot><tr><td colspan=\"1\"></td></tr></tfoot>\n";
 	echo "	</table>\n";
 
 	// Display Copyright
 	echo "<p>" .$APU_COPYRIGHT ."</p>\n";
 
 	// End HTML
 	echo "</div>\n";
 	echo "</body>\n";
 	echo "</html>\n";
 }
 
 //
 // Display VA name in top table
 //
 function vaTable($vaName)
 {
 	echo "	<p>&nbsp;</p>\n";
 	echo "	<table class=\"table_roster_header\">\n";
 	echo "		<tbody>\n";
 	echo "			<tr>\n";
 	echo "				<td><div align=\"center\"><span class=\"textredBLrg\">" .$vaName ."<br/>Pilot Email</span></div></td>\n";
 	echo "			</tr>\n";
 	echo "		</tbody>\n";
 	echo "		<tfoot><tr><td></td></tr></tfoot>\n";
 	echo "	</table>\n";
 	echo "	<p>&nbsp;</p>\n";
}

//
// Gather POSTed variables from the form submission
//
// Function validates lengths of required variables, strips any HTML and PHP and trims
// the string of leading and trailing white space.
//
// The global $aErrors may contain zero or more errors if any are found.
//
function gatherPost($posted)
{
	include('config.php');
	include('commondefs.php');	// include_once no workie for some dumb reason here. $MAX_ID_LENGTH will not be anything
	global $aErrors;

	if ( isset($_POST['pilotID']) )
	{
		if ( strlen($_POST['pilotID']) > 0 && strlen($_POST['pilotID']) <= $MAX_ID_LENGTH )
		{
			$posted['PILOT_ID'] = strip_tags($_POST['pilotID']);
			$posted['PILOT_ID'] = trim($posted['PILOT_ID']);

			if ( $bCapitalizedID )
				$posted['PILOT_ID'] = strtoupper($posted['PILOT_ID']);
		}
		else
			array_push($aErrors, "Your Pilot ID is empty or exceeds the allowed length of " .$MAX_ID_LENGTH);
	}

	if ( isset($_POST['password']) )
	{
		if ( strlen($_POST['password']) > 0 && strlen($_POST['password']) <= $MAX_PASSWORD_LENGTH )
		{
			$posted["PASSWORD"] = strip_tags($_POST['password']);
			$posted["PASSWORD"] = trim($posted["PASSWORD"]);
		}
		else
			array_push($aErrors, "Your Password is empty or exceeds the allowed length of " .$MAX_PASSWORD_LENGTH);
	}

	if ( isset($_POST['subject']) )
	{
		if ( strlen($_POST['subject']) > 0 && strlen($_POST['subject']) <= $MAX_EMAIL_SUBJECT_LENGTH )
		{
			$posted['SUBJECT'] = strip_tags($_POST['subject']);
			$posted['SUBJECT'] = trim($posted['SUBJECT']);
		}
		else
			array_push($aErrors, "Your email subject line is empty or exceeds the allowed length of " .$MAX_EMAIL_SUBJECT_LENGTH);
	}

	if ( isset($_POST['message']) )
	{
		if ( strlen($_POST['message']) > 0 && strlen($_POST['message']) <= $MAX_EMAIL_MESSAGE_LENGTH )
		{
			$posted['MESSAGE'] = strip_tags($_POST['message'], "<br><p>");
			$posted['MESSAGE'] = trim($posted['MESSAGE']);
		}
		else
			array_push($aErrors, "Your Pilot ID is empty or exceeds the allowed length of " .$MAX_EMAIL_MESSAGE_LENGTH);
	}

	if ( isset($_POST['emailPilotID']) )
	{
		$posted['EMAIL_PILOT_ID'] = strip_tags($_POST['emailPilotID']);
		$posted['EMAIL_PILOT_ID'] = trim($posted['EMAIL_PILOT_ID']);
	}
	else
		array_push($aErrors, "No Pilot ID was passed in to the form. This page has probably been accessed in a non-standard manner.");

	return $posted;
}

//
// Send the Email
//
function sendPilotEmail($posted, $sendingPilot, $receivingPilot)
{
	include('config.php');

	// Send an E-mail to pilot and admin e-mail if not null
	$to = $receivingPilot['EMAIL'];

	$subject = $posted['SUBJECT'];
	$message = $posted['MESSAGE'];

	// Add additional stuff to the e-mail message
	$message .= "<br><br>\n";
	$message .= "<hr>\n";
	$message .= "This e-mail was sent via the Automated Pilot Utility for and by: " .$sendingPilot['FIRST_NAME'] ." " .$sendingPilot['LAST_NAME'] ." - " .$sendingPilot['PILOT_ID'] ."<br>\n";
	$message .= "To reply to this person, use this e-mail: <a href=\"mailto:" .$sendingPilot['EMAIL'] ."\">" .$sendingPilot['EMAIL'] ."</a><br>\n";
	$message .= "<hr>\n";

	return sendEmail("Pilot to Pilot E-mail", $to, $subject, $message);
}

?>
